]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit - security/integrity/ima/ima_main.c
projects / mirror_ubuntu-bionic-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f3cc6b2) | patch
integrity: use kernel_read_file_from_path() to read x509 certs
authorChristoph Hellwig <hch@lst.de>
Sun, 10 Sep 2017 07:49:45 +0000 (09:49 +0200)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Wed, 8 Nov 2017 20:16:36 +0000 (15:16 -0500)
commita7d3d0392a325d630225b7dbccf2558f944114e5
treefa0e65c07ebf6e6df340d6f0ab0b9f2ca62d3acdtree
parentf3cc6b25dcc5616f0d5c720009b2ac66f97df2ffcommit | diff
integrity: use kernel_read_file_from_path() to read x509 certs

The CONFIG_IMA_LOAD_X509 and CONFIG_EVM_LOAD_X509 options permit
loading x509 signed certificates onto the trusted keyrings without
verifying the x509 certificate file's signature.

This patch replaces the call to the integrity_read_file() specific
function with the common kernel_read_file_from_path() function.
To avoid verifying the file signature, this patch defines
READING_X509_CERTFICATE.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
include/linux/fs.h diff | blob | blame | history
security/integrity/digsig.c diff | blob | blame | history
security/integrity/iint.c diff | blob | blame | history
security/integrity/ima/ima_main.c diff | blob | blame | history
security/integrity/integrity.h diff | blob | blame | history
ubuntu-bionic-kernel mirror